NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7407ec0382
kumquat-buildroot/package/network-manager/0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
Bernd Kuhls 0a51ba655c package/network-manager: Add upstream patch to fix CVE-2018-15688 
NetworkManager includes some parts of the systemd-networkd code in its
codebase. That can be found at src/systemd/src/libsystemd-networkd.
The DHCP implementation provided by systemd-networkd is used when
NetworkManager is configured to use the internal implementation,
however the default is to use dhclient.

When NetworkManager is configured to use the internal dhcp and an
interface is setup with ipv6.method=auto (which is the default value)
or ipv6.method=dhcp, this flaw can be exploited. When using
ipv6.method=auto, the DHCPv6 client can be automatically started with a
Router Advertisement packet.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-30 22:50:30 +01:00

39 lines
1.3 KiB
Diff
Raw Blame History

From 01ca2053bbea09f35b958c8cc7631e15469acb79 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 12:12:33 +0200
Subject: dhcp6: make sure we have enough space for the DHCP6 option header
Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.
CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
Patch downloaded from upstream commit:
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=01ca2053bbea09f35b958c8cc7631e15469acb79
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index d178fe2..9027c14 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -108,7 +108,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) {
return -EINVAL;
}
- if (*buflen < len)
+ if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;
--
cgit v1.1
Reference in New Issue View Git Blame Copy Permalink